HackDig : Dig high-quality web security articles for hacker

IBM X-Force Research recently discovered a small-scale malware campaign involving a Neutrino bot, aka Kasidet, dropping a payload that contains two Zeus malware breeds: Atmos and Zberp. Both of these codes are based on the leaked source code of the Zeus V2 banking Trojan that was exposed publicly in 2011.
The Zberp Trojan, which is a subvariant of ZeusVM mix

In 2007, no one expected ZeuS to have such a brutal impact on the digital world. But two years later, Zbot, another of the names it is known by, became a milestone in the history of cybersecurity. With more than 3.6 million infected computers in 2009, ZeuS compromised more than 74,000 FTP accounts on such important networks as those of NASA, ABC, Oracle, Cis

When we first detected the banking malware EMOTET back in 2014, we looked into the banking malware’s routines and behaviors and took note of its information-stealing abilities via network sniffing. After a period of relative inactivity, it appears it’s making a comeback with increased activity from new variants (Detected by Trend Micro as TSPY_EMOTET.AUSJLA

This is the first installment in an ongoing series about banking malware that faded away in 2017.
Cybercrime is a very dynamic threat landscape. With over 100 million malware strains tracked by AV-TEST in 2016, malware can be a dime a dozen. When it comes to the more organized cybercrime groups and sophisticated banking Trojan projects, malware families are

The TrickBot Trojan has been steadily ramping up its activity this year, going into a rather intensive period of updates and attacks that started in Q2 2017. From the looks of it, TrickBot’s operators have been investing heavily into widening the scope of their attacks and are preparing redirection attacks against banks in 19 different countries.
After

One large group will slowly conquer another large group, reduce its numbers, and thus lessen its chance of further variation and improvement. <…> Small and broken groups and sub-groups will finally tend to disappear.
Charles Darwin. ‘On the Origin of Species’
The golden age of Trojans and viruses has long gone. Malicious programs

IBM X-Force Research detected a new wave of TrickBot attacks targeting banks in Nordic countries. The malware expanded its configurations to launch fraud attacks against banks in Sweden, Finland, Norway, Denmark and Iceland, among the other geographies it targets.
Moreover, the malware, which has been testing redirection attacks on one bank in France, now ta

Lately, IBM X-Force Research has seen the Zeus Sphinx Trojan go through a targetless phase, an exceedingly rare occurrence in the cybercrime arena.
Recent Zeus Sphinx samples have fetched configuration files in which all the target URLs were removed. This means that while Sphinx infection campaigns continue and the malware can infect new machines, it remains

Malware researchers at Arbor Networks have spotted a new banking trojan, initially called ‘Matrix Banker’, that is targeting Latin America.
The malicious code seems to be still under development, mo

In April 2017 we started observing new rooting malware being distributed through the Google Play Store. Unlike other rooting malware, this Trojan not only installs its modules into the system, it also injects malicious code into the system runtime libraries. Kaspersky Lab products detect it as Trojan.AndroidOS.Dvmap.a.
The distribution of rooting malware thr

IBM X-Force Research recently observed a wave of malware-induced Active Directory (AD) lockouts across several incident response engagements. The lockouts caused hundreds to thousands of AD users to get locked out of their company’s domain in rapid succession, leaving employees of the impacted organizations unable to access their endpoints, company ser

Earlier in May, I reported that GootKit had launched redirection attacks for the first time. The malware prepared for its new modus operandi in the U.K., targeting major banks there with this advanced browsing manipulation attack. I also predicted that this was just a test and that we’re about to see more.
That prediction has come true. GootKit officia

While going over some recent GootKit configurations, I came across an unfamiliar URL format that includes two URLs instead of one. It only takes a fraction of a second to understand: GootKit has launched redirection attacks — a more advanced way to manipulate online banking sessions than the typical webinjection attacks its operators had used up until now.
M

I’ll bet no one is missing the Neverquest Trojan, and maybe that’s why many have not even realized one of the top cybergang-operated malware codes has taken a substantial plunge this year.
The Neverquest Trojan, a consistent occupant of the top 10 most active banking Trojans in the world, has suffered a blow due to the arrest of one of its allege

While we have previously written on the now infamous XPan ransomware family, some of its variants are still affecting users, primarily located in Brazil. Harvesting victims via weakly protected RDP (remote desktop protocol) connections, criminals are manually installing the ransomware and encrypting any files that can be found on the system.
Interesti